Interactive Story Directory Traversal Vulnerability

This example was included in the BugTraq posting by qDefense Advisories <advisories@qDefense.com>:

If an attacker sets the "next" field to something like
../../../../../../../../../../etc/passwd%00, Interactive Story will open and display the password file.


 

Privacy Statement
Copyright 2010, SecurityFocus